In accordance with the development of electronic equipment, various methods have been employed to use and manage pieces of data at workplaces.
In combination with a decrease in market price of memory devices, a high-capacity medium having high portability, such as a Universal Serial Bus (USB) memory or a memory card, has been used.
The memory card is accessible at high speed and is user-friendly. The memory card has been used as a storage medium that temporarily stores images taken with, for example, a digital camera. Such a memory card has come to be used for printing out images taken with the digital camera by setting the memory card directly in a printer.
Additionally, as integration degree per chip rises and storage capacity increases, a storage medium has come to be used in a wide range of purposes and has been increasingly used as a medium for data movement between personal computers (PCs). For this use, a USB memory, which is capable of being inserted into a USB slot provided in most personal computers, is widely used.
For example, there is a case in which a USB memory having a large storage capacity is used as a storage medium for data necessitated in a section of a company. Such USB memory may be managed in the section.
As the usage pattern of data is diversified as described is above, great importance has come to be placed on data confidentiality.
In recent years, in accordance with an improvement in portability of large-volume data, internal confidential documents of a company are more likely to leak out. If the confidential documents are leaked out, the company may suffer a great loss. Therefore, data security enhancement is a major task to be achieved.
Additionally, computer networks connected to the Internet are easily invaded by outsiders. Hence, files tend to be more tightly managed to combat the rise in the number of crimes committed through the networks. In the present situation, many companies impose restrictions on data movement, for example, even when an e-mail is sent together with attached data.
The same applies to a company intranet. There is a tendency to impose restrictions on the access to folders used between different sections of the company. For example, files are managed such that they are not to be read, not to be taken out and not to be printed out without permission.
Especially, if data is stored in a storage device such as the USB memory, the loss of the storage device will inevitably lead to data leakage.
Therefore, in order to enhance security for data-file management, an access key to a folder on networks or an access key to a storage device itself may be set. Additionally, data files may be encrypted such that a specific password is required for decrypting each data file.
However, such security enhancement may deteriorate usability of networks and storage devices.
For example, much time is consumed to print out an encrypted file when direct printing is performed by connecting a storage device directly to a printer without passing through a personal computer.
As described above, a desire to print out a data file stored in a storage device, such as a USB memory, has been increased.
This reflects a need to print out images taken with a digital camera by inserting a memory card directly to a printer without passing through a personal computer, or a need to print out data by inserting a memory such as a USB memory directly to a printer, from the viewpoint of the data security management of a company.
Especially if data can be managed with storage devices such as USB memories and can be printed out directly by a printer, a great security advantage will be obtained, because the usability and user-friendliness of a USB memory have been improved with an increase in storage capacity of the USB memory and because the data can be printed out directly by the printer.
However, if data stored in a storage device such as a USB memory is a piece of encrypted data in this case, a means for decrypting the encrypted data is required for the printer.
If a password has been assigned to each encrypted data file in this case, the password must be tiresomely input for each data file when a plurality of files are printed out.
Especially if each encrypted file has an individual password to decrypt the file, there is a need to confirm each password for each file. This is a complex procedure.
Furthermore, there is a case in which a password assigned to a file is set through a plurality of process steps, such as a retrieving step and a registering step. Therefore, although the security level is raised, workability is lowered. Thus, worker's operations may be affected.
JP-A-2005-99948 discloses a technique concerning an information processor capable of safely transmitting a piece of printing information to a printing apparatus and a technique concerning a printing apparatus capable of printing out the information received from the information processor.
FIG. 22 is a block diagram showing the whole structure of a system of JP-A-2005-99948.
An information processor 310 is connected to networks via a network I/F 405. Likewise, a printer 320 is connected to networks via a network I/F 327.
The information processor 310 includes a data storing section 412, a cryptographic key producing section 413 and an encrypting section 414.
The printer 320 includes a data storing section 322, a cryptographic key producing section 323, a decrypting section 324, a print data processing section 325 and a print engine 326.
In order to print out an electronic document, the information processor 310 first acquires a MAC address of the printer 320 or similar data via a network, and the cryptographic key producing section 413 produces a cryptographic key based on, for example, the MAC address. Thereafter, based on the cryptographic key, the electronic document is encrypted, and the resulting encrypted document is sent to the printer 320.
On the other hand, the printer 320 that has received the encrypted electronic document allows the cryptographic key producing section 323 to produce a cryptographic key from its own MAC address, then allows the decrypting section 324 to decrypt the encrypted electronic document received thereby and allows the print engine 326 to print out the document.
Since the completed cryptographic key is produced based on the same MAC address, for example, only the printer 320 specified by the print data processing section 325 can decrypt the encrypted electronic document. Therefore, a malicious third party can never acquire the data on the network and can never print out the data. Accordingly, the security of print data can be enhanced.
However, the aforementioned has the following problems.
According to the technique disclosed by JP-A-2005-99948, a cryptographic key used for encryption is produced based on information uniquely assigned to the printer. Therefore, if a plurality of data files stored in a storage device are printed out by the printer having the same cryptographic key, a printing operation will be scheduled to be performed only by such a specified printer at the stage where the data files are encrypted, although the usability of easily inputting a password is provided. As a result, there may be a disadvantageous possibility that another user using the printer cannot perform a printing operation.
Additionally, if a printing operation is performed via networks, a crucial problem will not arise, because a cryptographic key becomes unnecessary by a given printer performing the printing operation. However, when a data file is stored in a storage device and is encrypted, there is no point in encrypting the data file if a malicious third party knows the printer used by a user, because encryption is performed by using a MAC address of the printer.
Therefore, when a plurality of encrypted data files are intended to be printed out directly from the storage device, the technique disclosed by JP-A-2005-99948 is difficult to serve as an effective countermeasure against the problem of being required to show a password for each encrypted data file.